nested.py (1414B)
1 def main(request, response): 2 origin = request.GET.first(b"origin"); 3 value = request.GET.first(b"value"); 4 # This is used to solve the race condition we have for postMessages 5 shouldSucceed = request.GET.first(b"loadShouldSucceed", b"false"); 6 return ([(b"Content-Type", b"text/html")], 7 b"""<!DOCTYPE html> 8 <title>XFO.</title> 9 <body> 10 <script> 11 var gotMessage = false; 12 window.addEventListener("message", e => { 13 gotMessage = true; 14 window.parent.postMessage(e.data, "*"); 15 }); 16 17 var i = document.createElement("iframe"); 18 i.src = "%s/x-frame-options/support/xfo.py?value=%s"; 19 i.onload = _ => { 20 // Why 100ms timeout? Because that seems to be enough to stop the 21 // load event from racing with the onmessage event, and it's at least 22 // as long as the two renderAnimationFrame calls that used to be here. 23 setTimeout(_ => { 24 // The race condition problem we have is it is possible 25 // that the sub iframe is loaded before the postMessage is 26 // dispatched, as a result, the "Failed" message is sent 27 // out. So the way we fixed is we simply let the timeout 28 // to happen if we expect the "Loaded" postMessage to be 29 // sent 30 if (!gotMessage && %s != true) { 31 window.parent.postMessage("Failed", "*"); 32 } 33 }, 100); 34 }; 35 document.body.appendChild(i); 36 </script> 37 """ % (origin, value, shouldSucceed))